From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69914ECAAD6 for ; Fri, 26 Aug 2022 19:32:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236442AbiHZTcB (ORCPT ); Fri, 26 Aug 2022 15:32:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34732 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230151AbiHZTcA (ORCPT ); Fri, 26 Aug 2022 15:32:00 -0400 Received: from sonic306-27.consmr.mail.ne1.yahoo.com (sonic306-27.consmr.mail.ne1.yahoo.com [66.163.189.89]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD8C6E01DD for ; Fri, 26 Aug 2022 12:31:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1661542318; bh=eRSaZDAZjSTKQf2yiKPJQIq4Fswa5nLrigar4ETRbo4=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From:Subject:Reply-To; b=Q0HW0R0DdU4j27d3XH9AZijQuJwUmrJUrNgmCxqeYWNGxxCKiLxhv0dUx6niBhK3612jtuHIzAeBb38CIA5FZP7f0QGbb9skYVCrogjoUVRY8mXpozsYH4G23RKHItzamVZQy30UQ6BzbxXeKErwZWkkGonxdj1IKG3IxTAY+m4ta83vcWhJvobnzHSo3i+simUWCM1WbRrJWOl2YvM4wKAWQoh56rR0fv6h18ErLr//94FtQycSTuXm38nm2R4+XxuqwxyeE9Wa7qHvwnZlzU1DuFEg/tUw0pe+Ukkh3GM10rqHbKUK+334lvS+t2gnX5Kt2gPCfT1pnYqpm+8cPw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1661542318; bh=yx3VYsjdXgMngqM1wo6/2rm3CGvgCaN8HKtbbikYPrh=; h=X-Sonic-MF:Date:Subject:To:From:From:Subject; b=eAVca3b+RUI24VY8V72Hflca0bMs67ubrRalCpcjIwosBeRcM7789sjps9p+VeWlyUvAY7swPUdRQZHP9gUpvXKmpRHgn9ccOGgqsB3DDewpT4ooHJzHe9je7jrVFqD1a2jGtsQCI3JCqquc6DE2SRCtr0216OzKqUMhdTz3TISiR8ydKTNm/t/jXwAwzfr4zA9sDSWBNflVqLAwgHV1CDE3mj6TfZQxhBykE2rla9Blwad6UiZCYmNFOduYvHvtwEtYnDjZQWkw8YJlblJf14p7lPA5D9C8WJRSKekv1aUiU7jYPcTB4bzGmT7Fnjb9KnLdrGk6SYyqxOUwcdc7fg== X-YMail-OSG: ihTGedMVM1mDnpmh20pBNxRoYKIDXQ1bfsj9NuvVi.BuTCcDJrgEZQsk76O.rSG HrchBmZGZr4OtfsTSfuQxMhUONShlwNDKn6iOYeeFJYz1iFykBdZ9AEJ3j55G0m4c_uBXQveR5Sw gyCxbPo5RedC_pt7s5tw.YbLQBtxiIITptUvX7j6QpkFA53aO9yaENN9S6ibIQlOal4fmMXql6Xl 9Cf.uCw_G.hQuoruoVtVpGLHjIY7PSe0AE.8vYyAH1mGSIVX3d_8kGgfoJHryYRDYQaYZBiSDkw8 vdfMU0dPAQwGkQiy.yGMjdoIKi.NT_B70D_EVQi2qYn1n69UKrzKwgh7VbZ3Eivs9dkGa5m.LFtj b9Vewvokw8Akev.pAF_M.fCXCmbhVLRQ0fBhGE8Awb30ZfXRCJLJdkq36W9P.gWleVQGEJefdkfj 2AbzOD7bJgrPwgeNKBMHhZ9DWrSv9XRRs1HR78MSv.bC61umJYlZVPURURqFti24DQWGRtD4.qCs 7wzVGezIdHvpH9PNYbyLLXNrr1oaNUDg9Ji9mGFbsTq9JBSEXOEC7qqEzLpw6m3eakNk48_8TUEa QLsmvxl8ErTKAg1U6tz12IQ8uKIjHoS8qBHzKLxKTcZQOVQKPqQN7YWHlhkSpf7cBQoRNdtokY1R 0vPDBqv4rCkArHPM94syk7R_JkzppfIRWZdu77.n7rirkYyUVLvU3SOPzfKLidC9wjfd5mkSdUqI 7w86ZfJV_wCeJcX6yhS8uJM96cFXksSXej6tUgDABN_vxSUFl438jrdlg0FN_wZkdD9btPI9sSw9 MOZeuOfF1USGT47b7tA0DPjFEZJMFdIwXQVVj1C90BKFSJi6zCRTe3VjTOyVFO1UQQcoKbBhfdhT .R3cBUM3Uw5jI22LIN5WFPmUsndHimeZTIMRxKTFz37JCm7.i4PJhB4qaLaRk3AkG.KOtOFx0BRa MdzMsPTMe0gCr65Ucp6SOU.EuSMspElLnZvk4Ov491slLF9_ftnxM9XiuX5Evos9nWtPepbx.iL6 QW_GuL50lQfQ3IftvRQNMaBxdCO.sng_r3ic2XGaO6C.pEqNIy0k5V5vJphtbsSSX7.V2ewDLVpb tGsUeNr.Fc6HO7z_ufvUeuLewDVMcMITLpDsK_3XIPCaKur4UDt0N3Wq02vXSvtsVUwlVMkF4L3s 91_NLaF6_Ix8osGQ6D4nx_ecJrMR6m77KfcFbkSujqe24U0jZSxCy_IIbc0_k0HoWge39l9Mv6Bw VGQY3zLsaKpJl_Q_KfHTyjAnleg7WC1QGn_1lIY7JyacpzC7YD6d4F03FC_tlFMpuzCVugd6LBjK n8slMk2jss4rLMNEW13Rl0moXOwXzV3NwjcIdHDqyU4KVkLmfgZHaiSvl40xECdLrQ8j3NX77kPk 6Z.rEdIsfKuNEs6cKH82FBi039clk1php.DIKAjIUkaPd41tcze_LMV_8IuKXenJREbdPF_SAobs TF4GWh2XBoFDcvXxSPr.IywvP.USVSVoTAQFA7eqx9YFrtwNbM7ygghTYFzbHKTXXVxRTHJbPU5J tN8l.pvEJZSTq_b8ohZVkRsrc630_WZU8B0VZOG6mRsYOMxz5IO1A_9RIEKauvKEq75D6a4_evYj ShiNXUly7jhsxALQ9GUZCU1FIW232IuB91f_7W.6BGfGNfexna1BZPVVhJxisR9v0zyQme6y7mD1 1Kpz0Z1MlZYD4rVDFsIwXeFX1cuVPUpneQUT2BrVSoGAbIqto_qrdDNCpNLadS59zPDyKu3BVCZU fwEAu7RagpAmrgfipL6G6kkcowHnE1VirxRgOUnQ0FehtM.BJguXYK1zS40WLC1gnM7h0AM5JQgJ 7jJZhKyjvIdQxNUjo3JN8HQckWfo9QKJuyfqsI.z8_jDYnq4MSw55LlYMVHjjrn89LtEkCVE4h8W 92wh1TYsriYlqxWseHKc8X4oS2Ejnxhei6ckZ8oXMKP6M.SQ1HW9HyuS7Cq7BM29x6OEIgwcqVh. X2m0CYWHj_ZbiI5dY38_lwf9R1KgS4lX3Q07tOr.6nyt3GqyfMaomABdzieMa4C0wtru40L7x4CV 8fsUYt0bQ0iTkRGP.OCUraSd_vW6qzxfBcTyxVBFoIEVG2sFdJWNO_8s3anBwmNcl63TxMJraB2F honZstHMti3JN8S9VZXEaHA7h08TAiFNockwjy1byU8UMAx_jrP1pVYpHKD8GKoGBz.WqIa.7yJ. d9vzXfHmRROECm49S9PusGz0O_FKYAWki3mks7w-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Fri, 26 Aug 2022 19:31:58 +0000 Received: by hermes--production-ne1-6649c47445-f6s6h (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID f510391c75d9030ef3dc7f2844e75d1c; Fri, 26 Aug 2022 19:31:57 +0000 (UTC) Message-ID: <902a8524-0e36-8515-a380-8b85831e17f7@schaufler-ca.com> Date: Fri, 26 Aug 2022 12:31:55 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0 Subject: Re: [PATCH] Smack: Provide read control for io_uring_cmd Content-Language: en-US To: Paul Moore Cc: Jens Axboe , Ankit Kumar , io-uring@vger.kernel.org, joshi.k@samsung.com, casey@schaufler-ca.com References: <20220719135234.14039-1-ankit.kumar@samsung.com> <116e04c2-3c45-48af-65f2-87fce6826683@schaufler-ca.com> <83a121d5-a2ec-197b-708c-9ea2f9d0bd6a@schaufler-ca.com> <2e6b56cf-d04b-6537-62f4-a4cb0191172a@kernel.dk> <537daae0-606c-3db4-59dc-2165cc4d212c@schaufler-ca.com> From: Casey Schaufler In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Mailer: WebService/1.1.20595 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Precedence: bulk List-ID: X-Mailing-List: io-uring@vger.kernel.org On 8/26/2022 12:10 PM, Paul Moore wrote: > On Fri, Aug 26, 2022 at 3:04 PM Casey Schaufler wrote: >> On 8/26/2022 11:59 AM, Paul Moore wrote: >>> On Fri, Aug 26, 2022 at 12:53 PM Casey Schaufler wrote: >>>> On 8/26/2022 8:15 AM, Paul Moore wrote: >>>>> On Tue, Aug 23, 2022 at 8:07 PM Jens Axboe wrote: >>>>>> On 8/23/22 6:05 PM, Paul Moore wrote: >>>>>>> On Tue, Aug 23, 2022 at 7:46 PM Casey Schaufler wrote: >>>>>>>> Limit io_uring "cmd" options to files for which the caller has >>>>>>>> Smack read access. There may be cases where the cmd option may >>>>>>>> be closer to a write access than a read, but there is no way >>>>>>>> to make that determination. >>>>>>>> >>>>>>>> Signed-off-by: Casey Schaufler >>>>>>>> -- >>>>>>>> security/smack/smack_lsm.c | 32 ++++++++++++++++++++++++++++++++ >>>>>>>> 1 file changed, 32 insertions(+) >>>>>>>> >>>>>>>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c >>>>>>>> index 001831458fa2..bffccdc494cb 100644 >>>>>>>> --- a/security/smack/smack_lsm.c >>>>>>>> +++ b/security/smack/smack_lsm.c >>>>>>> ... >>>>>>> >>>>>>>> @@ -4732,6 +4733,36 @@ static int smack_uring_sqpoll(void) >>>>>>>> return -EPERM; >>>>>>>> } >>>>>>>> >>>>>>>> +/** >>>>>>>> + * smack_uring_cmd - check on file operations for io_uring >>>>>>>> + * @ioucmd: the command in question >>>>>>>> + * >>>>>>>> + * Make a best guess about whether a io_uring "command" should >>>>>>>> + * be allowed. Use the same logic used for determining if the >>>>>>>> + * file could be opened for read in the absence of better criteria. >>>>>>>> + */ >>>>>>>> +static int smack_uring_cmd(struct io_uring_cmd *ioucmd) >>>>>>>> +{ >>>>>>>> + struct file *file = ioucmd->file; >>>>>>>> + struct smk_audit_info ad; >>>>>>>> + struct task_smack *tsp; >>>>>>>> + struct inode *inode; >>>>>>>> + int rc; >>>>>>>> + >>>>>>>> + if (!file) >>>>>>>> + return -EINVAL; >>>>>>> Perhaps this is a better question for Jens, but ioucmd->file is always >>>>>>> going to be valid when the LSM hook is called, yes? >>>>>> file will always be valid for uring commands, as they are marked as >>>>>> requiring a file. If no valid fd is given for it, it would've been >>>>>> errored early on, before reaching f_op->uring_cmd(). >>>>> Hey Casey, where do things stand with this patch? To be specific, did >>>>> you want me to include this in the lsm/stable-6.0 PR for Linus or are >>>>> you planning to send it separately? If you want me to send it up, are >>>>> you planning another revision? >>>>> >>>>> There is no right or wrong answer here as far as I'm concerned, I'm >>>>> just trying to make sure we are all on the same page. >>>> I think the whole LSM fix for io_uring looks better the more complete >>>> it is. I don't see the Smack check changing until such time as there's >>>> better information available to make decisions upon. If you send it along >>>> with the rest of the patch set I think we'll have done our best. >>> Okay, will do. Would you like me to tag the patch with the 'Fixes:' >>> and stable tags, similar to the LSM and SELinux patches? >> Yes, I think that's best. > Done and merged to lsm/stable-6.0. I'm going to let the automated > stuff do it's thing and assuming no problems I'll plan to send it to > Linus on Monday ... sending stuff like this last thing on a Friday is > a little too risky for my tastes. Agreed. Thank you.